Forum Discussion
Danny_Trinh_197
Nimbostratus
Mar 01, 2009
Check ports TCP443, TCP5061, UDP3478, TCP-UDP-50000-59999
I'm still at an elementary level with iRules. I have the script below to check ports. This script is for MS Unified communication (UC). Can you go through it to see if I missed something?
The script will do:
- if ports TCP-UDP 50000-59999, go to pool 1
- if ports TCP-443, TCP5601, go to pool2
- if port UDP3478, go to pool 3
- anything else, drop.
when CLIENT_ACCEPTED {
    if { [[TCP::client_port] < 60000 && [TCP::client_port] > 49999] or [[UDP::client_port] < 60000 && [UDP::client_port] > 49999]} then {
        # Goto pool1
        pool pool1
    } elseif { [[TCP::client_port] == 443] or [[TCP::client_port] == 5061] } then {
        # Goto pool2
        pool pool2
    } elseif { [[UDP::client_port] == 3478] } then {
        # Goto pool3
        pool pool3
    } else {
        drop
    }
}
- hoolio
Cirrostratus
Hi Danny,
- Danny_Trinh_197
Nimbostratus
Honestly, I don't know. What would you recommend as best practice? Thanks,
- hoolio
Cirrostratus
I would expect you want to check the port that the client made the request to. So it would be TCP::local_port and UDP::local_port.
- Desai_124243
Nimbostratus
Hi, I want to allow only 4 TCP/UDP ports from the virtual. Is the iRule below correct for it?
rule allowing_tcp_udp_traffic_rl {
    when CLIENT_ACCEPTED {
        # Check if requested port is allowing only TCP 443, TCP 80, UDP 4500 and UDP 500
        if { ( [TCP::client_port] != 443 or [TCP::client_port] != 80 or [UDP::client_port] != 500 or [TCP::client_port] != 4500 ) } {
            # Drop request
            drop
        }
    }
}
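The routing described in the first post, written as an added example that is not code from any poster in this thread: it matches on the destination port (`TCP::local_port` / `UDP::local_port`, as hoolio suggests) and selects the TCP or UDP command by protocol first, so neither is called on the wrong connection type. It assumes a virtual server that accepts both TCP and UDP on any port, and that pool1, pool2 and pool3 from the first post exist.

```tcl
when CLIENT_ACCEPTED {
    # IP::protocol returns the IP protocol number: 6 = TCP, 17 = UDP.
    set proto [IP::protocol]

    # Read the destination port (the port on the virtual server that the
    # client connected to) with the command that matches the protocol.
    if { $proto == 6 } {
        set dport [TCP::local_port]
    } elseif { $proto == 17 } {
        set dport [UDP::local_port]
    } else {
        # Neither TCP nor UDP: not part of the allow-list.
        drop
        return
    }

    if { $dport >= 50000 && $dport <= 59999 } {
        # TCP or UDP 50000-59999
        pool pool1
    } elseif { $proto == 6 && ($dport == 443 || $dport == 5061) } {
        # TCP 443 and TCP 5061 only
        pool pool2
    } elseif { $proto == 17 && $dport == 3478 } {
        # UDP 3478 only
        pool pool3
    } else {
        # Default deny: anything not matched above is dropped.
        drop
    }
}
```

The same shape fits a fixed allow-list such as the one in the last post: match the permitted protocol and port pairs and drop in the final `else`. A chain of `!=` comparisons joined with `or` is true for every port, so it would drop all traffic.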